Customer Story

The CTO Agency

Industry Driver Company Size
MSP, IT Services & Consulting NIST Compliance 2

The Challenge

The CTO Agency needed a SIEM solution that met strict controls for NIST compliance, including logging, SIEM and alerting of anomalous activity.

The Solution

Blumira’s SIEM and endpoint agent allow The CTO Agency to offer a solution to their customers to meet NIST compliance, gain more visibility and detect any risky or malicious behavior.

The team has a lot to do with my satisfaction...your entire support team has been awesome. They are willing to go out of their way for you. Every time I open a ticket or have any other type of interaction – the experience has been great. Blumira is at the top of the list when it comes to customer support.

Frank DeLuca

The CTO Agency

The CTO Agency is a security-focused IT services business. Founded by a former Chief Technology Officer with over 20 years of experience in the insurance industry, they specialize in providing enterprise-class IT solutions tailored to small businesses. They offer virtual CTOs, managed/co-managed IT services, backup and disaster recovery, VOIP, network solutions and cybersecurity services.

The Challenge: Meeting NIST Compliance For Logging, SIEM & Alerting

The CTO Agency President Frank DeLuca previously ran IT for a local insurance company and split off on his own to create his own IT consulting firm. His customers are primarily in the finance industry, with a few insurance and accounting companies.

He needed a solution to help meet strict controls for IT regulations and compliance, including logging, SIEM and alerting of anomalous activity, as required by the Department of Insurance. They asked questions that pertained to NIST controls; NIST is the National Institute of Standards and Technology, an agency of the U.S. Department of Commerce.

The NIST Special Publication (NIST SP) 800-171 is a set of compliance controls and security framework that applies to non-federal companies, including government contractors and subcontractors. It provides guidance on how to handle and secure Controlled Unclassified Information (CUI). Examples of organizations that need to meet NIST 800-171:

  • Universities supported by federal grants
  • Manufacturers supplying goods to federal agencies
  • Service providers for federal agencies

The Solution: Blumira’s SIEM For MSPs & NIST Compliance

DeLuca was looking to get a solution in place to help gain visibility into his clients’ environments and provide more defensive security, as well as helping them meet NIST compliance. He considered options like GrayLog and other service providers for managed SOC services, but found they were built more for bigger enterprises or required too much hands-on work. He found Blumira’s SIEM platform to be a good match for his IT service.

Blumira’s SIEM helps DeLuca satisfy NIST compliance requirements for his clients, including:

  • NIST 3.3.1 – Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
  • NIST 3.3.3 – Review and update logged events.
  • NIST 3.3.5 – Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity

See the full list of NIST 800-171 controls that Blumira can help satisfy.

In addition to compliance, Blumira’s security and engineering teams provide trusted partner-levels of support to make sure The CTO Agency is successful with their deployments and use of the platform. Blumira also has dedicated Solution Architects (SAs) to help onboard every customer.

“The team has a lot to do with my satisfaction. Everyone I’ve worked with has been super helpful, including Chris and Amanda. They are great to work with – in fact, your entire support team has been awesome. They are willing to go out of their way for you. Every time I open a ticket or have any other type of interaction – the experience has been great. Blumira is at the top of the list when it comes to customer support,” DeLuca said.

Blumira’s cloud SIEM is designed to be deployed quickly by small teams with their existing resources, within minutes vs. months that it can take to implement other legacy SIEM solutions. Blumira Agent is also quick and easy to install remotely on devices for endpoint monitoring and response.

“It was very easy. I followed the step-by-step guides for a couple of my clients; deployed the server, followed the guide and did it – no problem. I deployed to endpoints with the RMM tool and used Blumira’s script. It was easier than I thought and I was happy with that. Blumira Agent is on a handful of machines right now. It alerts me when it detects potential threats and is great for endpoints that aren’t directly attached to the corporate network,” DeLuca said.

With Blumira Agent, organizations can run a lightweight endpoint agent on their devices that detects P1-P3 threats, then leverage automated response capabilities to immediately contain an affected device. This helps IT admins that may not have 24/7 staff available to investigate or act quickly enough to cut off an attacker’s access to their (or their clients’) systems.

The strongest value Blumira provides for The CTO Agency is the greater security visibility into their customers’ networks. Prior to Blumira, they didn’t have centralized logs or visibility; having a central point and being able to search everything was a good value-add for the MSP.

“For example, now we can see when someone opens an excel file containing clear-text passwords. We can then let the client know that this is a bad practice, and get them set up on a password manager instead – that’s something I would never have known about if it weren’t for Blumira. We can also see when malicious commands are being run and get alerts for that so we can respond accordingly,” DeLuca said. “During one of our client’s pentest engagements, Blumira enabled us to follow the attacker throughout most of the process.”

Blumira’s all-in-one platform combines logging with endpoint visibility and automated response, enabling MSPs to gain better visibility, detect previously unknown security threats and risks, and provide additional protection against a breach.

“I would definitely tell everyone to use Blumira. I think that you should take a layered approach to security, and Blumira’s SIEM should be part of your MSP stack. It’s one more tool in the toolbox,” DeLuca said.


Time-strapped IT teams can do more with one solution that combines SIEM, endpoint visibility and automated response.